Can we get a greater maximum password length? These 8-character DES passwords are so ten years ago.

Mixie

04-06-2007, 07:34 PM

I agree. 8 Character passwords really seem insecure.

wildjokerdesign

04-06-2007, 08:28 PM

I agree. 8 Character passwords really seem insecure.

It may seem that way but they are not unless you use something common. The charecter count is not as important as what you use of those characters. For example "password" would be week "R_67tlP3" would be pretty hard to crack. Notice it is a mix of upper and lower case, numbers and the underscore. It is not the length but what you do with it. :)

WestHost - CRussell

04-09-2007, 05:26 PM

jmwebb,

This is something we need to improve on, I hear you. It's on our list. But wildjoker is right, in the meantime there are things you can do to make your 8 character password secure.

Nerdmaster

06-05-2007, 01:59 PM

jmwebb,

This is something we need to improve on, I hear you. It's on our list. But wildjoker is right, in the meantime there are things you can do to make your 8 character password secure.

This is theoretically true (making 8 character passwords secure), but making an 8 character password both secure and easy to remember tends to be a daunting task.... One of the biggest difficulties at my real job is convincing people to use a secure password, and we find that when we tell people to do "simple" things like stringing several words together, with some capitals and some symbols (#, !, @, etc) in between words (or in place of some letters), they remember their passwords a lot more easily.

Having a secure password is pretty worthless if you have to write it down.

I have found that misspelled "leetspeek" sentences make great passwords - such as "Cl0wnz@ren07TheEnemee" - as that's nearly impossible to bruteforce even if you know my words are based on dictionary words. I know that the phrase is "Clowns are not the enemy", and my particular style for obfuscating the text will leave only a dozen or so possible passwords from that phrase. I won't likely forget it after I've typed it in a few times, but I feel safe not writing it down because even if I forget the specific obfuscation I know I can guess it in a few tries.

derenrich

06-10-2007, 08:34 AM

This is theoretically true (making 8 character passwords secure), but making an 8 character password both secure and easy to remember tends to be a daunting task....
Exactly. There is no way I will be able to convince people with e-mail accounts on my server to use 8-bytes of noise as a password. Thus, they will use weak passwords. Longer passwords are important for both convenience and security.

wildjokerdesign

06-10-2007, 10:41 AM

Longer passwords are important for both convenience and security.

I have never know security to be convenient. Every time I leave my shed door unlocked for my convenience someone steals my lawnmower. :)

I do agree with the need for longer passwords but thought that it was funny to use convenience and security in the same sentence. ;)